Greetings. Apologies if this has been answered before but I didn't find a direct answer in the archives or FAQ.
Is there a howto for installing Mailman from source inside the Apache chroot on OpenBSD? I'm struggling with this, using Mailman 2.1.19, Postfix 2.4.3, and OpenBSD 4.2. There's a list of installation steps pasted below. I suspect a permissions problem. Mailman would not serve up pages when all files were owned by group mailman, so I did 'chgrp -R www /var/www/mailman'. But after trying to create a list, the aliases file is mode 660, owned by root:www. This is the error in /var/www/mailman/logs/error that results from trying to create a new list: Apr 18 11:21:00 2008 admin(1925): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(1925): [----- Mailman Version: 2.1.9 -----] admin(1925): [----- Traceback ------] admin(1925): Traceback (most recent call last): admin(1925): File "/var/www/mailman/scripts/driver", line 101, in run_main admin(1925): main() admin(1925): File "/var/www/mailman/Mailman/Cgi/create.py", line 56, in main admin(1925): process_request(doc, cgidata) admin(1925): File "/var/www/mailman/Mailman/Cgi/create.py", line 238, in proce ss_request admin(1925): sys.modules[modname].create(mlist, cgi=1) admin(1925): File "/var/www/mailman/Mailman/MTA/Postfix.py", line 232, in crea te admin(1925): _update_maps() admin(1925): File "/var/www/mailman/Mailman/MTA/Postfix.py", line 53, in _upda te_maps admin(1925): raise RuntimeError, msg % (acmd, status, errstr) admin(1925): RuntimeError: command failed: /usr/local/sbin/postalias /var/www/mailman/data/aliases (status: 1, Operation not permitted) I've also tried putting postalias inside the chroot jail but the error above persists. Thanks in advance for clues on getting this working. dn PROCEDURE FOR INSTALLING MAILMAN IN OPENBSD 4.2 APACHE CHROOT 1. Read all of the installation manual, or at least up to chapter 6, before proceeding: http://mailman.sourceforge.net/mailman-install/index.html 2. Grab mailman source and unpack: tar xzvf mailman-2.1.19.tgz 3. Add user mailman with UID/GID 91. Run adduser and follow the prompts. Set the shell to nologin and set the password to blank, and then say yes when asked if the user shouldn't be able to log in. 4. Create the /var/www/mailman directory where everything will go, and set permissions and ownership: mkdir /var/www/mailman chgrp mailman /var/www/mailman chmod a+rx,g+ws /var/www/mailman 5. If it's not there already, install python: pkg_add python-2.4.4p4 and create the appropriate symlinks to make this the default: ln -s /usr/local/bin/python2.4 /usr/local/bin/python ln -s /usr/local/bin/pydoc2.4 /usr/local/bin/pydoc Now we need to get python into the chroot. First let's find out what dependencies python has: #ldd /usr/local/bin/python /usr/local/bin/python: Start End Type Open Ref GrpRef Name 00000000 00000000 exe 1 0 0 /usr/local/bin/python 05054000 25096000 rlib 0 1 0 /usr/local/lib/libpython2.4.so.0.0 068bd000 268c1000 rlib 0 1 0 /usr/lib/libutil.so.11.0 05b7c000 25ba2000 rlib 0 1 0 /usr/lib/libstdc++.so.42.0 070f2000 270f9000 rlib 0 1 0 /usr/lib/libm.so.2.3 0b296000 2b29f000 rlib 0 1 0 /usr/lib/libpthread.so.8.0 05d9d000 25dd1000 rlib 0 1 0 /usr/lib/libc.so.41.0 0a739000 0a739000 rtld 0 1 0 /usr/libexec/ld.so OK, so all of these files and directories need to go into the chroot jail: mkdir -p /var/www/usr/lib mkdir -p /var/www/usr/libexec mkdir -p /var/www/usr/local/bin mkdir -p /var/www/usr/local/lib cp /usr/local/bin/python /var/www/usr/local/bin cp /usr/local/lib/libpython2.4.so.0.0 /var/www/usr/local/lib cp /usr/lib/libutil.so.11.0 /var/www/usr/lib cp /usr/lib/libstdc++.so.42.0 /var/www/usr/lib cp /usr/lib/libm.so.2.3 /var/www/usr/lib cp /usr/lib/libpthread.so.8.0 /var/www/usr/lib cp /usr/lib/libc.so.41.0 /var/www/usr/lib cp /usr/libexec/ld.so /var/www/usr/libexec And you'll also need some stuff from /etc in the chroot jail for UIDs and GIDs to work: mkdir -p /var/www/etc/ cp /etc/group /var/www/etc/ cp /etc/localtime /var/www/etc/ cp /etc/login.conf /var/www/etc/ cp /etc/passwd /var/www/etc/ cp /etc/pwd.db /var/www/etc/ mkdir -p /var/www/usr/share cp -R /usr/share/nls /var/www/usr/share 6. If it's not there already (try "cc" from the command line), install the compilers package: tar -C / -xzphf ${RELEASEPATH}/comp42.tar.gz 7. From the directory where you unpacked Mailman, configure and install the Mailman software: ./configure --prefix=/var/www/mailman --with-cgi-gid=67 \ --with-mail-gid=201 make make install Assuming this goes well: make clean 8. Check file permissions /var/www/mailman/bin/check_perms -f Keep repeating this step until there are no errors. 9. (Optional) Make private archives private cd /var/www/mailman/archives chown www private chmod o-x private 10. Now configure the web server to use Mailman. Open /var/www/conf/httpd.conf and add this: ScriptAlias /mailman/ /var/www/mailman/cgi-bin/ Alias /pipermail/ /var/www/mailman/archives/public/ <Directory "/var/www/mailman/archives/public/"> AddDefaultCharset Off </Directory> If you're using VirtualHosts, then the lines above belong inside each VirtualHost directive too, at least for the vhosts using Mailman. And copy the Mailman icons into place: cp /var/www/mailman/icons/*.{jpg,png} /var/www/icons/ Then restart Apache: apachectl graceful 11. Now we set up Postfix to work with Mailman. First, in /etc/postfix/main.cf, the GNUC docs say to change: unknown_local_recipient_reject_code = 550 from its current setting of 450. Also, it says to set: recipient_delimiter = + even though the current setting is: recipient_delimiter = - I'm not making this change for now, and sticking with the '-' setting. 12. Then proceed directly to section 6.1.2 of the docs to set up virtual domains. We'll come back to section 6.1.1 on Postfix-Mailman integration in a few minutes. Specifically you want to add a pointer to the end of the virtual_alias_maps parameter in /etc/postfix/main.cf. For example: virtual_alias_maps = proxy:mysql:/etc/postfix/sql/forwardings.cf proxy:mysql:/etc/postfix/sql/email2email.cf hash:/var/www/mailman/data/virtual-mailman 13. Now put the following at the end of /usr/local/lib/mailman/Mailman/mm_cfg.py, replacing 'domain1.tld' and 'domain2.tld' as appropriate with your domain names: MTA = 'Postfix' MAILMAN_SITE_LIST = 'mailman' DEFAULT_EMAIL_HOST = 'domain1.tld' DEFAULT_URL_HOST = 'domain1.tld' DEFAULT_URL_PATTERN = 'https://%s/mailman/' PUBLIC_ARCHIVE_URL = 'https://%(hostname)s/pipermail/%(listname)s' IMAGE_LOGOS = '/icons/' MTA = 'Postfix' POSTFIX_ALIAS_CMD = '/usr/local/sbin/postalias' POSTFIX_MAP_CMD = '/usr/local/sbin/postmap' POSTFIX_STYLE_VIRTUAL_DOMAINS = ['domain2.tld', 'domain1.tld' ] add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST) add_virtualhost('domain2.tld', 'domain2.tld') 14. Set up a site-wide mailing list called 'mailman'. Mailman MUST see this list to start: /var/www/mailman/bin/newlist mailman Fill out the admin's email address and choose a password. 15. Set up Mailman maintenance as a crontab run by the mailman user: chown -R mailman:mailman /var/www/mailman cd /var/www/mailman/cron crontab -u mailman crontab.in 16. Now start the mailman daemon: /var/www/mailman/bin/mailmanctl start After starting the program the admin named for the 'mailman' list should get an email. 17. To start mailman every time the system starts, add these lines to the end of /etc/rc.local: # Mailman startup if [ -x /var/www/mailman/bin/mailmanctl ]; then echo -n ' mailman' /var/www/mailman/bin/mailmanctl -s -q start fi 18. Create site and list creator passwords. You want to read chapter 12 of the GNU docs carefully; these are like being root within Mailman! /var/www/mailman/bin/mmsitepass /var/www/mailman/bin/mmsitepass -c 19. Add mailman to www group. I don't know if this is a good security practice (I suspect it's a bad idea) but I was unable to get Mailman to work without this step. In /etc/group and /var/www/etc/group: www:*:67:mailman and restart Apache and mailman: apachectl restart /var/www/mailman/bin/mailmanctl restart 20. (Necessary?) Find which postalias stuff needs to go into the chroot jail: ldd /usr/local/sbin/postalias /usr/local/sbin/postalias: Start End Type Open Ref GrpRef Name 00000000 00000000 exe 1 0 0 /usr/local/sbin/postalias 015ad000 215b8000 rlib 0 2 0 /usr/lib/libssl.so.11.0 0a28e000 2a2bd000 rlib 0 2 0 /usr/lib/libcrypto.so.13.0 00eaf000 20ebb000 rlib 0 1 0 /usr/local/lib/libpcre.so.1.1 0688d000 26893000 rlib 0 1 0 /usr/local/lib/libsasl2.so.2.22 03e8c000 23eba000 rlib 0 1 0 /usr/local/lib/libmysqlclient.so.18.0 00a26000 20a5a000 rlib 0 1 0 /usr/lib/libc.so.41.0 08a55000 28a5d000 rlib 0 1 0 /usr/lib/libz.so.4.1 08e39000 28e40000 rlib 0 1 0 /usr/lib/libm.so.2.3 0d23a000 0d23a000 rtld 0 1 0 /usr/libexec/ld.so And copy over the files: mkdir /var/www/usr/local/sbin cp /usr/local/sbin/postalias /var/www/usr/local/sbin/postalias cp /usr/lib/libssl.so.11.0 /var/www/usr/lib/libssl.so.11.0 cp /usr/lib/libcrypto.so.13.0 /var/www/usr/lib/libcrypto.so.13.0 cp /usr/local/lib/libpcre.so.1.1 /var/www/usr/local/lib/libpcre.so.1.1 cp /usr/local/lib/libsasl2.so.2.22 /var/www/usr/local/lib/libsasl2.so.2.22 cp /usr/local/lib/libmysqlclient.so.18.0 /var/www/usr/local/lib/libmysqlclient.so.18.0 cp /usr/lib/libc.so.41.0 /var/www/usr/lib/libc.so.41.0 cp /usr/lib/libz.so.4.1 /var/www/usr/lib/libz.so.4.1 cp /usr/lib/libz.so.4.1 /var/www/usr/lib/libm.so.2.3 cp /usr/libexec/ld.so /var/www/usr/libexec/ld.so ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
